<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    
    <title>Database Table Authentication — Zend Framework 2 2.1.4 documentation</title>
    
    <link rel="stylesheet" href="zend.authentication.adapter.dbtable_files/default.css" type="text/css">
    <link rel="stylesheet" href="zend.authentication.adapter.dbtable_files/pygments.css" type="text/css">
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    '../',
        VERSION:     '2.1.4',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true
      };
    </script>
    <script type="text/javascript" src="zend.authentication.adapter.dbtable_files/jquery.js"></script>
    <script type="text/javascript" src="zend.authentication.adapter.dbtable_files/underscore.js"></script>
    <script type="text/javascript" src="zend.authentication.adapter.dbtable_files/doctools.js"></script>
    <link rel="top" title="Zend Framework 2 2.1.4 documentation" href="https://packages.zendframework.com/docs/latest/manual/en/index.html">
    <link rel="next" title="Digest Authentication" href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.adapter.digest.html">
    <link rel="prev" title="Introduction" href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.intro.html">
<style type="text/css">
    /* Styles for floating Edit on GitHub box */
    #editor-trap {
        padding: 1em;
        border: 1px solid white;
        width: 250px;

        display: none;
        color: white;
        background: #3f454b;
        position: fixed;
        bottom: 5px;
        left: 175px;
        font-size: 85%;
        text-align: left;
        z-index: 2;

        box-shadow: 0 4px 6px #333;
        -moz-box-shadow: 0 4px 6px #333;
        -webkit-box-shadow: 0 4px 6px #333;
        
        cursor: pointer;
    }

    #editor-trap h3 {
        margin: 0 0 0.5em 0;
        padding: 0;
    }

    #editor-trap h3 > span {
        padding: 0 6px;
        border: solid white;
        border-width: 0 1px 4px 1px;
        font-size: 10px;
    }

    #editor-trap a {
        color: #98DBCC;
    }

    #editor-trap ol {
        margin: 0;
        padding: 0 0 0 2em;
    }

    /* Hide trick */
    #editor-trap.toggled > * {
        display: none;
    }


    #editor-trap.toggled > h3 {
        display: block;
    }

    #editor-trap.toggled > h3 > span {
        border-width: 6px 1px 0 1px;
    }
    
    #edit-button {
        position: fixed;
        bottom: 5px;
        left: 5px;
        z-index: 2;
        width: 162px;
        height: 42px;
    }
</style>

  </head>
  <body>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/genindex.html" title="General Index" accesskey="I">index</a></li>
        <li class="right">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.adapter.digest.html" title="Digest Authentication" accesskey="N">next</a> |</li>
        <li class="right">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.intro.html" title="Introduction" accesskey="P">previous</a> |</li>
        <li><a href="https://packages.zendframework.com/docs/latest/manual/en/index.html">Zend Framework 2 2.1.4 documentation</a> »</li> 
      </ul>
    </div>  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body">
            
  <div class="section" id="database-table-authentication">
<span id="zend-authentication-adapter-dbtable"></span><h1>Database Table Authentication<a class="headerlink" href="#database-table-authentication" title="Permalink to this headline">¶</a></h1>
<div class="section" id="introduction">
<span id="zend-authentication-adapter-dbtable-introduction"></span><h2>Introduction<a class="headerlink" href="#introduction" title="Permalink to this headline">¶</a></h2>
<p><tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> provides the ability to authenticate against credentials stored in a
database table. Because <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> requires an instance of <tt class="docutils literal"><span class="pre">Zend\Db\Adapter\Adapter</span></tt>
to be passed to its constructor, each instance is bound to a particular database connection. Other configuration
options may be set through the constructor and through instance methods, one for each option.</p>
<p>The available configuration options include:</p>
<ul class="simple">
<li><strong>tableName</strong>: This is the name of the database table that contains the authentication credentials, and against
which the database authentication query is performed.</li>
<li><strong>identityColumn</strong>: This is the name of the database table column used to represent the identity. The identity
column must contain unique values, such as a username or e-mail address.</li>
<li><strong>credentialColumn</strong>: This is the name of the database table column used to represent the credential. Under a
simple identity and password authentication scheme, the credential value corresponds to the password. See also
the <tt class="docutils literal"><span class="pre">credentialTreatment</span></tt> option.</li>
<li><strong>credentialTreatment</strong>: In many cases, passwords and other sensitive data are encrypted, hashed, encoded,
obscured, salted or otherwise treated through some function or algorithm. By specifying a parameterized treatment
string with this method, such as ‘<tt class="docutils literal"><span class="pre">MD5(?)</span></tt>‘ or ‘<tt class="docutils literal"><span class="pre">PASSWORD(?)</span></tt>‘, a developer may apply such arbitrary <em>SQL</em>
upon input credential data. Since these functions are specific to the underlying <em>RDBMS</em>, check the database
manual for the availability of such functions for your database system.</li>
</ul>
</div>
<div class="section" id="basic-usage">
<span id="zend-authentication-adapter-dbtable-introduction-example-basic-usage"></span><h2>Basic Usage<a class="headerlink" href="#basic-usage" title="Permalink to this headline">¶</a></h2>
<p>As explained in the introduction, the <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> constructor requires an instance of
<tt class="docutils literal"><span class="pre">Zend\Db\Adapter\Adapter</span></tt> that serves as the database connection to which the authentication adapter instance is
bound. First, the database connection should be created.</p>
<p>The following code creates an adapter for an in-memory database, creates a simple table schema, and inserts a row
against which we can perform an authentication query later. This example requires the <em>PDO</em> SQLite extension to be
available:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24</pre></div></td><td class="code"><div class="highlight"><pre><span class="k">use</span> <span class="nx">Zend\Db\Adapter\Adapter</span> <span class="k">as</span> <span class="nx">DbAdapter</span><span class="p">;</span>

<span class="c1">// Create a SQLite database connection</span>
<span class="nv">$dbAdapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">DbAdapter</span><span class="p">(</span><span class="k">array</span><span class="p">(</span>
                <span class="s1">'driver'</span> <span class="o">=&gt;</span> <span class="s1">'Pdo_Sqlite'</span><span class="p">,</span>
                <span class="s1">'database'</span> <span class="o">=&gt;</span> <span class="s1">'path/to/sqlite.db'</span>
            <span class="p">));</span>

<span class="c1">// Build a simple table creation query</span>
<span class="nv">$sqlCreate</span> <span class="o">=</span> <span class="s1">'CREATE TABLE [users] ('</span>
           <span class="o">.</span> <span class="s1">'[id] INTEGER  NOT NULL PRIMARY KEY, '</span>
           <span class="o">.</span> <span class="s1">'[username] VARCHAR(50) UNIQUE NOT NULL, '</span>
           <span class="o">.</span> <span class="s1">'[password] VARCHAR(32) NULL, '</span>
           <span class="o">.</span> <span class="s1">'[real_name] VARCHAR(150) NULL)'</span><span class="p">;</span>

<span class="c1">// Create the authentication credentials table</span>
<span class="nv">$dbAdapter</span><span class="o">-&gt;</span><span class="na">query</span><span class="p">(</span><span class="nv">$sqlCreate</span><span class="p">);</span>

<span class="c1">// Build a query to insert a row for which authentication may succeed</span>
<span class="nv">$sqlInsert</span> <span class="o">=</span> <span class="s2">"INSERT INTO users (username, password, real_name) "</span>
           <span class="o">.</span> <span class="s2">"VALUES ('my_username', 'my_password', 'My Real Name')"</span><span class="p">;</span>

<span class="c1">// Insert the data</span>
<span class="nv">$dbAdapter</span><span class="o">-&gt;</span><span class="na">query</span><span class="p">(</span><span class="nv">$sqlInsert</span><span class="p">);</span>
</pre></div>
</td></tr></tbody></table></div>
<p>With the database connection and table data available, an instance of <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> may
be created. Configuration option values may be passed to the constructor or deferred as parameters to setter
methods after instantiation:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span class="k">use</span> <span class="nx">Zend\Authentication\Adapter\DbTable</span> <span class="k">as</span> <span class="nx">AuthAdapter</span><span class="p">;</span>

<span class="c1">// Configure the instance with constructor parameters...</span>
<span class="nv">$authAdapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$dbAdapter</span><span class="p">,</span>
                               <span class="s1">'users'</span><span class="p">,</span>
                               <span class="s1">'username'</span><span class="p">,</span>
                               <span class="s1">'password'</span>
                               <span class="p">);</span>

<span class="c1">// ...or configure the instance with setter methods</span>
<span class="nv">$authAdapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$dbAdapter</span><span class="p">);</span>

<span class="nv">$authAdapter</span>
    <span class="o">-&gt;</span><span class="na">setTableName</span><span class="p">(</span><span class="s1">'users'</span><span class="p">)</span>
    <span class="o">-&gt;</span><span class="na">setIdentityColumn</span><span class="p">(</span><span class="s1">'username'</span><span class="p">)</span>
    <span class="o">-&gt;</span><span class="na">setCredentialColumn</span><span class="p">(</span><span class="s1">'password'</span><span class="p">)</span>
<span class="p">;</span>
</pre></div>
</td></tr></tbody></table></div>
<p>At this point, the authentication adapter instance is ready to accept authentication queries. In order to formulate
an authentication query, the input credential values are passed to the adapter prior to calling the
<tt class="docutils literal"><span class="pre">authenticate()</span></tt> method:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6
7</pre></div></td><td class="code"><div class="highlight"><pre><span class="c1">// Set the input credential values (e.g., from a login form)</span>
<span class="nv">$authAdapter</span>
    <span class="o">-&gt;</span><span class="na">setIdentity</span><span class="p">(</span><span class="s1">'my_username'</span><span class="p">)</span>
    <span class="o">-&gt;</span><span class="na">setCredential</span><span class="p">(</span><span class="s1">'my_password'</span><span class="p">)</span>
<span class="p">;</span>

<span class="c1">// Perform the authentication query, saving the result</span>
</pre></div>
</td></tr></tbody></table></div>
<p>In addition to the availability of the <tt class="docutils literal"><span class="pre">getIdentity()</span></tt> method upon the authentication result object,
<tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> also supports retrieving the table row upon authentication success:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span class="c1">// Print the identity</span>
<span class="k">echo</span> <span class="nv">$result</span><span class="o">-&gt;</span><span class="na">getIdentity</span><span class="p">()</span> <span class="o">.</span> <span class="s2">"</span><span class="se">\n\n</span><span class="s2">"</span><span class="p">;</span>

<span class="c1">// Print the result row</span>
<span class="nb">print_r</span><span class="p">(</span><span class="nv">$authAdapter</span><span class="o">-&gt;</span><span class="na">getResultRowObject</span><span class="p">());</span>

<span class="cm">/* Output:</span>
<span class="cm">my_username</span>

<span class="cm">Array</span>
<span class="cm">(</span>
<span class="cm">    [id] =&gt; 1</span>
<span class="cm">    [username] =&gt; my_username</span>
<span class="cm">    [password] =&gt; my_password</span>
<span class="cm">    [real_name] =&gt; My Real Name</span>
<span class="cm">)</span>
<span class="cm">*/</span>
</pre></div>
</td></tr></tbody></table></div>
<p>Since the table row contains the credential value, it is important to secure the values against unintended access.</p>
<p>When retrieving the result object, we can either specify what columns to return, or what columns to omit:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27</pre></div></td><td class="code"><div class="highlight"><pre><span class="nv">$columnsToReturn</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span>
    <span class="s1">'id'</span><span class="p">,</span> <span class="s1">'username'</span><span class="p">,</span> <span class="s1">'real_name'</span>
<span class="p">);</span>
<span class="nb">print_r</span><span class="p">(</span><span class="nv">$authAdapter</span><span class="o">-&gt;</span><span class="na">getResultRowObject</span><span class="p">(</span><span class="nv">$columnsToReturn</span><span class="p">));</span>

<span class="cm">/* Output:</span>

<span class="cm">Array</span>
<span class="cm">(</span>
<span class="cm">   [id] =&gt; 1</span>
<span class="cm">   [username] =&gt; my_username</span>
<span class="cm">   [real_name] =&gt; My Real Name</span>
<span class="cm">)</span>
<span class="cm">*/</span>

<span class="nv">$columnsToOmit</span> <span class="o">=</span> <span class="k">array</span><span class="p">(</span><span class="s1">'password'</span><span class="p">);</span>
<span class="nb">print_r</span><span class="p">(</span><span class="nv">$authAdapter</span><span class="o">-&gt;</span><span class="na">getResultRowObject</span><span class="p">(</span><span class="k">null</span><span class="p">,</span> <span class="nv">$columnsToOmit</span><span class="p">);</span>

<span class="cm">/* Output:</span>

<span class="cm">Array</span>
<span class="cm">(</span>
<span class="cm">   [id] =&gt; 1</span>
<span class="cm">   [username] =&gt; my_username</span>
<span class="cm">   [real_name] =&gt; My Real Name</span>
<span class="cm">)</span>
<span class="cm">*/</span>
</pre></div>
</td></tr></tbody></table></div>
</div>
<div class="section" id="advanced-usage-persisting-a-dbtable-result-object">
<span id="zend-authentication-adapter-dbtable-advanced-storing-result-row"></span><h2>Advanced Usage: Persisting a DbTable Result Object<a class="headerlink" href="#advanced-usage-persisting-a-dbtable-result-object" title="Permalink to this headline">¶</a></h2>
<p>By default, <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> returns the identity supplied back to the auth object upon
successful authentication. Another use case scenario, where developers want to store to the persistent storage
mechanism of <tt class="docutils literal"><span class="pre">Zend\Authentication</span></tt> an identity object containing other useful information, is solved by using the
<tt class="docutils literal"><span class="pre">getResultRowObject()</span></tt> method to return a <strong>stdClass</strong> object. The following code snippet illustrates its use:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26</pre></div></td><td class="code"><div class="highlight"><pre><span class="c1">// authenticate with Zend\Authentication\Adapter\DbTable</span>
<span class="nv">$result</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">_auth</span><span class="o">-&gt;</span><span class="na">authenticate</span><span class="p">(</span><span class="nv">$adapter</span><span class="p">);</span>

<span class="k">if</span> <span class="p">(</span><span class="nv">$result</span><span class="o">-&gt;</span><span class="na">isValid</span><span class="p">())</span> <span class="p">{</span>
    <span class="c1">// store the identity as an object where only the username and</span>
    <span class="c1">// real_name have been returned</span>
    <span class="nv">$storage</span> <span class="o">=</span> <span class="nv">$this</span><span class="o">-&gt;</span><span class="na">_auth</span><span class="o">-&gt;</span><span class="na">getStorage</span><span class="p">();</span>
    <span class="nv">$storage</span><span class="o">-&gt;</span><span class="na">write</span><span class="p">(</span><span class="nv">$adapter</span><span class="o">-&gt;</span><span class="na">getResultRowObject</span><span class="p">(</span><span class="k">array</span><span class="p">(</span>
        <span class="s1">'username'</span><span class="p">,</span>
        <span class="s1">'real_name'</span><span class="p">,</span>
    <span class="p">)));</span>

    <span class="c1">// store the identity as an object where the password column has</span>
    <span class="c1">// been omitted</span>
    <span class="nv">$storage</span><span class="o">-&gt;</span><span class="na">write</span><span class="p">(</span><span class="nv">$adapter</span><span class="o">-&gt;</span><span class="na">getResultRowObject</span><span class="p">(</span>
        <span class="k">null</span><span class="p">,</span>
        <span class="s1">'password'</span>
    <span class="p">));</span>

    <span class="cm">/* ... */</span>

<span class="p">}</span> <span class="k">else</span> <span class="p">{</span>

    <span class="cm">/* ... */</span>

<span class="p">}</span>
</pre></div>
</td></tr></tbody></table></div>
<div class="section" id="advanced-usage-by-example">
<span id="zend-authentication-adapter-dbtable-advanced-advanced-usage"></span><h3>Advanced Usage By Example<a class="headerlink" href="#advanced-usage-by-example" title="Permalink to this headline">¶</a></h3>
<p>While the primary purpose of the <tt class="docutils literal"><span class="pre">Zend\Authentication</span></tt> component (and consequently
<tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt>) is primarily <strong>authentication</strong> and not <strong>authorization</strong>, there are a few
instances and problems that toe the line between which domain they fit within. Depending on how you’ve decided to
explain your problem, it sometimes makes sense to solve what could look like an authorization problem within the
authentication adapter.</p>
<p>With that disclaimer out of the way, <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> has some built in mechanisms that can
be leveraged for additional checks at authentication time to solve some common user problems.</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17</pre></div></td><td class="code"><div class="highlight"><pre><span class="k">use</span> <span class="nx">Zend\Authentication\Adapter\DbTable</span> <span class="k">as</span> <span class="nx">AuthAdapter</span><span class="p">;</span>

<span class="c1">// The status field value of an account is not equal to "compromised"</span>
<span class="nv">$adapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$db</span><span class="p">,</span>
                           <span class="s1">'users'</span><span class="p">,</span>
                           <span class="s1">'username'</span><span class="p">,</span>
                           <span class="s1">'password'</span><span class="p">,</span>
                           <span class="s1">'MD5(?) AND status != "compromised"'</span>
                           <span class="p">);</span>

<span class="c1">// The active field value of an account is equal to "TRUE"</span>
<span class="nv">$adapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$db</span><span class="p">,</span>
                           <span class="s1">'users'</span><span class="p">,</span>
                           <span class="s1">'username'</span><span class="p">,</span>
                           <span class="s1">'password'</span><span class="p">,</span>
                           <span class="s1">'MD5(?) AND active = "TRUE"'</span>
                           <span class="p">);</span>
</pre></div>
</td></tr></tbody></table></div>
<p>Another scenario can be the implementation of a salting mechanism. Salting is a term referring to a technique which
can highly improve your application’s security. It’s based on the idea that concatenating a random string to every
password makes it impossible to accomplish a successful brute force attack on the database using pre-computed hash
values from a dictionary.</p>
<p>Therefore, we need to modify our table to store our salt string:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3</pre></div></td><td class="code"><div class="highlight"><pre><span class="nv">$sqlAlter</span> <span class="o">=</span> <span class="s2">"ALTER TABLE [users] "</span>
          <span class="o">.</span> <span class="s2">"ADD COLUMN [password_salt] "</span>
          <span class="o">.</span> <span class="s2">"AFTER [password]"</span><span class="p">;</span>
</pre></div>
</td></tr></tbody></table></div>
<p>Here’s a simple way to generate a salt string for every user at registration:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4</pre></div></td><td class="code"><div class="highlight"><pre><span class="nv">$dynamicSalt</span> <span class="o">=</span> <span class="s1">''</span><span class="p">;</span>
<span class="k">for</span> <span class="p">(</span><span class="nv">$i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nv">$i</span> <span class="o">&lt;</span> <span class="mi">50</span><span class="p">;</span> <span class="nv">$i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span>
    <span class="nv">$dynamicSalt</span> <span class="o">.=</span> <span class="nb">chr</span><span class="p">(</span><span class="nx">rand</span><span class="p">(</span><span class="mi">33</span><span class="p">,</span> <span class="mi">126</span><span class="p">));</span>
<span class="p">}</span>
</pre></div>
</td></tr></tbody></table></div>
<p>And now let’s build the adapter:</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre>1
2
3
4
5
6</pre></div></td><td class="code"><div class="highlight"><pre><span class="nv">$adapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$db</span><span class="p">,</span>
                           <span class="s1">'users'</span><span class="p">,</span>
                           <span class="s1">'username'</span><span class="p">,</span>
                           <span class="s1">'password'</span><span class="p">,</span>
                           <span class="s2">"MD5(CONCAT('staticSalt', ?, password_salt))"</span>
                          <span class="p">);</span>
</pre></div>
</td></tr></tbody></table></div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">You can improve security even more by using a static salt value hard coded into your application. In the case
that your database is compromised (e. g. by an <em>SQL</em> injection attack) but your web server is intact your data
is still unusable for the attacker.</p>
</div>
<p>Another alternative is to use the <tt class="docutils literal"><span class="pre">getDbSelect()</span></tt> method of the <tt class="docutils literal"><span class="pre">Zend\Authentication\Adapter\DbTable</span></tt> after the
adapter has been constructed. This method will return the <tt class="docutils literal"><span class="pre">Zend\Db\Sql\Select</span></tt> object instance it will use to
complete the <tt class="docutils literal"><span class="pre">authenticate()</span></tt> routine. It is important to note that this method will always return the same
object regardless if <tt class="docutils literal"><span class="pre">authenticate()</span></tt> has been called or not. This object <strong>will not</strong> have any of the identity
or credential information in it as those values are placed into the select object at <tt class="docutils literal"><span class="pre">authenticate()</span></tt> time.</p>
<p>An example of a situation where one might want to use the <tt class="docutils literal"><span class="pre">getDbSelect()</span></tt> method would check the status of a
user, in other words to see if that user’s account is enabled.</p>
<div class="highlight-php"><table class="highlighttable"><tbody><tr><td class="linenos"><div class="linenodiv"><pre> 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14</pre></div></td><td class="code"><div class="highlight"><pre><span class="c1">// Continuing with the example from above</span>
<span class="nv">$adapter</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">AuthAdapter</span><span class="p">(</span><span class="nv">$db</span><span class="p">,</span>
                           <span class="s1">'users'</span><span class="p">,</span>
                           <span class="s1">'username'</span><span class="p">,</span>
                           <span class="s1">'password'</span><span class="p">,</span>
                           <span class="s1">'MD5(?)'</span>
                           <span class="p">);</span>

<span class="c1">// get select object (by reference)</span>
<span class="nv">$select</span> <span class="o">=</span> <span class="nv">$adapter</span><span class="o">-&gt;</span><span class="na">getDbSelect</span><span class="p">();</span>
<span class="nv">$select</span><span class="o">-&gt;</span><span class="na">where</span><span class="p">(</span><span class="s1">'active = "TRUE"'</span><span class="p">);</span>

<span class="c1">// authenticate, this ensures that users.active = TRUE</span>
<span class="nv">$adapter</span><span class="o">-&gt;</span><span class="na">authenticate</span><span class="p">();</span>
</pre></div>
</td></tr></tbody></table></div>
</div>
</div>
</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar">
        <div class="sphinxsidebarwrapper">
            <p class="logo"><a href="https://packages.zendframework.com/docs/latest/manual/en/index.html">
              <img class="logo" src="zend.authentication.adapter.dbtable_files/zf2_logo.png" alt="Logo">
            </a></p>
  <h3><a href="https://packages.zendframework.com/docs/latest/manual/en/index.html">Table Of Contents</a></h3>
  <ul>
<li><a class="reference internal" href="#">Database Table Authentication</a><ul>
<li><a class="reference internal" href="#introduction">Introduction</a></li>
<li><a class="reference internal" href="#basic-usage">Basic Usage</a></li>
<li><a class="reference internal" href="#advanced-usage-persisting-a-dbtable-result-object">Advanced Usage: Persisting a DbTable Result Object</a><ul>
<li><a class="reference internal" href="#advanced-usage-by-example">Advanced Usage By Example</a></li>
</ul>
</li>
</ul>
</li>
</ul>

  <h4>Previous topic</h4>
  <p class="topless"><a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.intro.html" title="previous chapter">Introduction</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.adapter.digest.html" title="next chapter">Digest Authentication</a></p>
  <h3>This Page</h3>
  <ul class="this-page-menu">
    <li>
        <!--<a href="../_sources/modules/zend.authentication.adapter.dbtable.txt"-->
        <a href="https://github.com/zendframework/zf2-documentation/blob/master/docs/languages/en/modules/zend.authentication.adapter.dbtable.rst" rel="nofollow">Show Source</a></li>
    <li><a href="https://github.com/zendframework/zf2-documentation/edit/master/docs/languages/en/modules/zend.authentication.adapter.dbtable.rst" rel="nofollow">Edit Source</a>
    </li>
  </ul>
        <p style="font-size: 12px">
            Note: You need to stay logged into your <a href="http://www.github.com/">GitHub account</a> to contribute to the documentation.
        </p>
<div id="searchbox" style="display: block;">
  <h3>Quick search</h3>
    <form class="search" action="../search.html" method="get">
      <input name="q" type="text">
      <input value="Go" type="submit">
      <input name="check_keywords" value="yes" type="hidden">
      <input name="area" value="default" type="hidden">
    </form>
    <p class="searchtip" style="font-size: 90%">
    Enter search terms or a module, class or function name.
    </p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/genindex.html" title="General Index">index</a></li>
        <li class="right">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.adapter.digest.html" title="Digest Authentication">next</a> |</li>
        <li class="right">
          <a href="https://packages.zendframework.com/docs/latest/manual/en/modules/zend.authentication.intro.html" title="Introduction">previous</a> |</li>
        <li><a href="https://packages.zendframework.com/docs/latest/manual/en/index.html">Zend Framework 2 2.1.4 documentation</a> »</li> 
      </ul>
    </div>

    <div class="footer">
        © Copyright 2012, Zend Technologies Ltd..
      Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3.
    </div>
<div id="edit-button">
    <img src="zend.authentication.adapter.dbtable_files/edit.gif" alt="Edit this document" title="Edit this document" onclick="javascript:$('#editor-trap').toggle();">
</div>
     
<div id="editor-trap">
    <h3>Edit this document</h3>

    <p>
        The source code of this file is hosted on GitHub. Everyone can
        update and fix errors in this document with few clicks -
        no downloads needed.
    </p><p>

    </p><ol>

        <li>
            Login with your <a href="http://www.github.com/">GitHub</a> account.
        </li>

        <li>
            Go to
            <a href="https://github.com/zendframework/zf2-documentation/edit/master/docs/languages/en/modules/zend.authentication.adapter.dbtable.rst">
                Database Table Authentication
            </a> on GitHub.
        </li>

        <li>
            Edit file contents using GitHub's text editor in your web browser
        </li>

        <li>
            Fill in the <b>Commit message</b> text box at the end of the page telling <i>why</i>
            you did the changes. Press <b>Propose file change</b> button next to it when done.
        </li>


        <li>
            On <i>Send a pull request</i> page you don't need to fill in text anymore. Just
            press <b>Send pull request</b> button.
        </li>

        <li>
            Your changes are now queued for review under project's <a href="https://github.com/zendframework/zf2-documentation/pulls">Pull requests</a> tab on GitHub.
        </li>
    </ol>

</div>


  
</body></html>